Canada Considers Keeping Public Data Stored Within Borders

The Government of Canada has released a cloud adoption plan this week which restricts cloud storage of much of its data to Canadian data centers. The plan calls for “secret” and “top secret” data to be stored internally, while “classified” information, including personally identifiable information, will be stored in the cloud but within Canada.

Under the plan, unclassified information can be stored anywhere, so long as it is encrypted when it crosses a border.

The country’s Treasury Board, which has been tasked with modernizing the government’s IT practices, released the Cloud Adoption Strategy for public comment, along with Security Control Profile for Cloud and Right Cloud Selection documents, which together outline a plan based on three levels of data security.

Consultations with provincial governments and over 60 industry organizations over a two-year period inform the draft plan, and public feedback will be collected until the end of September.

“Canadians expect governments to make the most of available technologies to improve service delivery,” Scott Brison, president of the Treasury Board of Canada said in a statement. “Cloud computing will help the Government of Canada get better value for taxpayers’ dollars, become more nimble in its operations, and meet the evolving needs of Canadians.”

Shared Services Canada will procure public cloud services for “data of classifications up to Plan B inclusive” over the next year, and the services will be rolled out to federal departments ahead of other levels of government and public institutions.

However, storing data exclusively in Canada does not necessarily ensure that it will remain in the country, as research indicates that data stored and accessed within Canada often follows routes that cross into the U.S.